File proftpd.changes of Package proftpd
-------------------------------------------------------------------
Fri Jun 13 13:11:39 UTC 2025 - chris@computersalat.de
- switch to _service file
* Add _service
* Remove proftpd-1.3.9.tar.gz
* Remove proftpd-1.3.9.tar.gz.asc
- rename patches
* proftpd-basic.conf.patch -> proftpd_basic.conf.patch
* proftpd-dist.patch -> proftpd_dist.patch
* proftpd-ftpasswd.patch -> proftpd_ftpasswd.patch
* proftpd-no_BuildDate.patch -> proftpd_no-BuildDate.patch
* proftpd-strip.patch -> proftpd_strip.patch
- Update proftpd.service file
- cleanup spec
* Remove SysVinit stuff
- Remove proftpd.init file
-------------------------------------------------------------------
Fri Jun 13 09:46:29 UTC 2025 - chris@computersalat.de
- 1.3.9 - Released 14-Mar-2025
* http://proftpd.org/docs/NEWS-1.3.9
- rebase patches
* harden_proftpd.service.patch
* proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Thu Jun 12 12:51:04 UTC 2025 - chris@computersalat.de
- 1.3.8d - Released 14-Mar-2025
* http://proftpd.org/docs/NEWS-1.3.8d
- rebase patch
* proftpd-no_BuildDate.patch
- remove obsolete patch
* proftpd-null_pointer.patch
-------------------------------------------------------------------
Fri Mar 14 15:16:10 UTC 2025 - Andreas Stieger <andreas.stieger@gmx.de>
- build with pcre2
-------------------------------------------------------------------
Thu Feb 20 09:05:57 UTC 2025 - chris@computersalat.de
- fix for boo#1236889 (CVE-2024-57392)
https://github.com/proftpd/proftpd/issues/1866
Some of the fuzzing tests submitted in the advisory ran into existing null
pointer dereferences (not buffer overflows); let's correct them.
- Add proftpd-null_pointer.patch
-------------------------------------------------------------------
Thu Jan 9 17:25:19 UTC 2025 - chris@computersalat.de
- 1.3.8c - Released 11-Dec-2024
fix for boo#1233997 (CVE-2024-48651)
* http://proftpd.org/docs/NEWS-1.3.8c
gh#1830 - Supplemental group inheritance grants unintended access to GID 0
due to lack of supplemental groups from mod_sql
https://github.com/proftpd/proftpd/issues/1830
- rebase patch
* proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Thu Feb 29 14:45:47 UTC 2024 - Dominique Leuenberger <dimstar@opensuse.org>
- Use %autosetup macro. Allows to eliminate the usage of deprecated
%patchN.
-------------------------------------------------------------------
Wed Jan 3 14:44:02 UTC 2024 - chris@computersalat.de
- Update changes file
* add missing boo#1218144 (CVE-2023-48795) info
* add missing CVE-2023-51713 info
-------------------------------------------------------------------
Wed Dec 27 21:52:11 UTC 2023 - chris@computersalat.de
- 1.3.8b - Released 19-Dec-2023
fix for boo#1218144 (CVE-2023-48795)
* http://proftpd.org/docs/NEWS-1.3.8b
* Implemented mitigations for "Terrapin" SSH attack (CVE-2023-48795).
- rebase patch
* proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Thu Nov 2 16:24:34 UTC 2023 - chris@computersalat.de
- 1.3.8a - Released 08-Oct-2023
fix for boo#1218344 (CVE-2023-51713):
gh#1683 - Out-of-bounds buffer read when handling FTP commands.
https://github.com/proftpd/proftpd/issues/1683
* http://proftpd.org/docs/NEWS-1.3.8a
* Fixed builds when using OpenSSL 3.x
-------------------------------------------------------------------
Wed Jan 25 21:05:11 UTC 2023 - chris@computersalat.de
- 1.3.7f - Released 04-Dec-2022
* Issue 1533 - mod_tls module unexpectedly allows TLS handshake after
authentication in some configurations.
* Bug 4491 - unable to verify signed data: signature type 'rsa-sha2-512' does
not match publickey algorithm 'ssh-rsa'.
-------------------------------------------------------------------
Mon Jan 16 10:43:46 UTC 2023 - Stefan Schubert <schubi@suse.com>
- Migration of PAM settings to /usr/lib/pam.d.
-------------------------------------------------------------------
Thu Sep 1 19:28:50 UTC 2022 - chris@computersalat.de
- Update proftpd-basic.conf.patch
* remove obsolete config option, LoginPasswordPrompt
- rework proftpd-dist.patch
-------------------------------------------------------------------
Tue Aug 9 16:37:52 UTC 2022 - chris@computersalat.de
- 1.3.7e - Released 23-Jul-2022
* Issue 1448 - Ensure that mod_sftp algorithms work properly with OpenSSL 3.x.
- 1.3.7d - Released 23-Apr-2022
* Issue 1321 - Crash with long lines in AuthGroupFile due to large realloc(3).
* Issue 1325 - NLST does not behave consistently for relative paths.
* Issue 1346 - Implement AllowForeignAddress class matching for passive data
transfers.
* Bug 4467 - DeleteAbortedStores removes successfully transferred files
unexpectedly.
* Issue 1401 - Keepalive socket options should be set using IPPROTO_TCP, not
SOL_SOCKET.
* Issue 1402 - TCP keepalive SocketOptions should apply to control as well as
data connection.
* Issue 1396 - ProFTPD always uses the same PassivePorts port for first
transfer.
* Issue 1369 - Name-based virtual hosts not working as expected after upgrade
from 1.3.7a to 1.3.7b.
- rebase proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Sun Mar 27 13:17:21 UTC 2022 - chris@computersalat.de
- fix deps for SLES
-------------------------------------------------------------------
Sat Mar 26 16:41:02 UTC 2022 - chris@computersalat.de
- remove configure --disable-static
-------------------------------------------------------------------
Tue Mar 1 18:37:02 UTC 2022 - chris@computersalat.de
- Update to version 1.3.7c:
* http://proftpd.org/docs/NEWS-1.3.7c
* http://proftpd.org/docs/RELEASE_NOTES-1.3.7c
- Update patches
* harden_proftpd.service.patch
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
* proftpd.spec
* proftpd_env-script-interpreter.patch
-------------------------------------------------------------------
Wed Oct 20 13:16:36 UTC 2021 - Johannes Segitz <jsegitz@suse.com>
- Added hardening to systemd service(s) (bsc#1181400). Added patch(es):
* harden_proftpd.service.patch
Modified:
* proftpd.service
-------------------------------------------------------------------
Thu Nov 19 14:16:47 UTC 2020 - Dominique Leuenberger <dimstar@opensuse.org>
- Update to version 1.3.6e:
+ Invalid SCP command leads to null pointer dereference.
- Do not limit to openSSL < 1.1: proftpd has had support for
openSSL 1.1 sice version 1.3.6a.
- Rebase proftpd-no_BuildDate.patch.
-------------------------------------------------------------------
Fri Jun 5 11:02:29 UTC 2020 - chris@computersalat.de
- update to 1.3.6d
* Issue 857 - Fixed regression in the handling of `%{env:...}` configuration
variables when the environment variable is not present.
* Issue 940 - Second LIST of the same symlink shows different results.
* Issue 959 - FTPS uploads using TLSv1.3 are likely to fail unexpectedly.
* Issue 980 - mod_sftp sends broken response when CREATETIME attribute is
requested.
* Bug 4398 - Handle zero-length SFTP WRITE requests without error.
* Issue 1018 - PidFile should not be world-writable.
* Issue 1014 - TLSv1.3 handshake fails due to missing session ticket key on
some systems.
* Issue 1023 - Lowercased FTP commands not properly identified.
- rebase proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Mon Feb 24 17:06:07 UTC 2020 - chris@computersalat.de
- fix for boo#1164572 (CVE-2020-9272, gh#902)
- fix for boo#1164574 (CVE-2020-9273, gh#903)
- update to 1.3.6c
* Fixed regression in directory listing latency (Issue #863).
* Detect OpenSSH-specific formatted SFTPHostKeys, and log hint for
converting them to supported format.
* Fixed use-after-free vulnerability during data transfers (Issue #903).
* Fixed out-of-bounds read in mod_cap by updating the bundled libcap
(Issue #902).
- remove obsolete proftpd-tls-crls-issue859.patch
- rebase patches
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
* proftpd_env-script-interpreter.patch
-------------------------------------------------------------------
Sat Feb 1 17:25:05 UTC 2020 - chris@computersalat.de
- cleanup tls.template
* remove deprecated NoCertRequest from TLSOptions
-------------------------------------------------------------------
Sat Dec 28 20:45:30 UTC 2019 - chris@computersalat.de
- fix changes file
* add missing info about boo#1155834
* add missing info about boo#1154600
- fix for boo#1156210
* GeoIP has been discontinued by Maxmind
* remove module build for geoip
see https://support.maxmind.com/geolite-legacy-discontinuation-notice/
- fix for boo#1157803 (CVE-2019-19269), boo#1157798 (CVE-2019-19270)
* add upstream patch proftpd-tls-crls-issue859.patch
-------------------------------------------------------------------
Sun Nov 3 22:25:28 UTC 2019 - chris@computersalat.de
- fix for boo#1154600 (CVE-2019-18217, gh#846)
- update to 1.3.6b
* Fixed pre-authentication remote denial-of-service issue (Issue #846).
* Backported fix for building mod_sql_mysql using MySQL 8 (Issue #824).
- update to 1.3.6a
* Fixed symlink navigation (Bug#4332).
* Fixed building of mod_sftp using OpenSSL 1.1.x releases (Issue#674).
* Fixed SITE COPY honoring of <Limit> restrictions (Bug#4372).
* Fixed segfault on login when using mod_sftp + mod_sftp_pam (Issue#656).
* Fixed restarts when using mod_facl as a static module
- remove obsolete proftpd-CVE-2019-12815.patch
* included in 1.3.6a (Bug#4372)
- add proftpd_env-script-interpreter.patch
* RPMLINT fix for env-script-interpreter (Badness: 9)
-------------------------------------------------------------------
Sat Nov 2 18:12:51 UTC 2019 - Martin Hauke <mardnh@gmx.de>
- fix for boo#1155834
* Add missing Requires(pre): group(ftp) for Leap 15 and Tumbleweed
* Add missing Requires(pre): user(ftp) for Leap 15 and Tumbleweed
-------------------------------------------------------------------
Wed Oct 2 15:01:11 UTC 2019 - Bernhard Wiedemann <bwiedemann@suse.com>
- Update proftpd-dist.patch to use pam_keyinit.so (boo#1144056)
-------------------------------------------------------------------
Fri Aug 2 14:52:48 UTC 2019 - chris@computersalat.de
- fix for boo#1142281 (CVE-2019-12815, bpo#4372)
arbitrary file copy in mod_copy allows for remote code execution
and information disclosure without authentication
- add patch
* proftpd-CVE-2019-12815.patch
taken from:
- http://bugs.proftpd.org/show_bug.cgi?id=4372
- https://github.com/proftpd/proftpd/commit/a73dbfe3b61459e7c2806d5162b12f0957990cb3
-------------------------------------------------------------------
Mon Jul 1 13:50:01 UTC 2019 - chris@computersalat.de
- update changes file
* add missing info about bugzilla 1113041
-------------------------------------------------------------------
Tue Mar 26 11:35:53 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Fix the Factory build: select the appropriate OpenSSL version
to build with. (fix for boo#1113041)
-------------------------------------------------------------------
Wed Mar 20 18:46:47 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
- Reduce hard dependency on systemd to only that which is
necessary for building and installation.
- Modernize RPM macro use (%make_install, %tmpfiles_create).
- Strip emphasis from description and trim other platform mentions.
-------------------------------------------------------------------
Wed Jul 11 08:05:29 UTC 2018 - chris@computersalat.de
- update to 1.3.6
* Support for using Redis for caching, logging; see the doc/howto/Redis.html
documentation.
* Fixed mod_sql_postgres SSL support (Issue #415).
* Support building against LibreSSL instead of OpenSSL (Issue #361).
* Better support on AIX for login restraictions (Bug #4285).
* TimeoutLogin (and other timeouts) were not working properly for SFTP
connections (Bug#4299).
* Handling of the SIGILL and SIGINT signals, by the daemon process, now causes
the child processes to be terminated as well (Issue #461).
* RPM .spec file naming changed to conform to Fedora guidelines.
* Fix for "AllowChrootSymlinks off" checking each component for symlinks
(CVE-2017-7418).
-New Modules:
* mod_redis, mod_tls_redis, mod_wrap2_redis
With Redis now supported as a caching mechanism, similar to Memcache,
there are now Redis-using modules: mod_redis (for configuring the Redis
connection information), mod_tls_redis (for caching SSL sessions and
OCSP information using Redis), and mod_wrap2_redis (for using ACLs stored
in Redis).
-Changed Modules:
* mod_ban
The mod_ban module's BanCache directive can now use Redis-based caching;
see doc/contrib/mod_ban.html#BanCache.
-New Configuration Directives
* SQLPasswordArgon2, SQLPasswordScrypt
The key lengths for Argon2 and Scrypt-based passwords are now configurable
via these new directives; previously, the key length had been hardcoded
to be 32 bytes, which is not interoperable with all other implementations
(Issue #454).
-Changed Configuration Directives
* AllowChrootSymlinks
When "AllowChrootSymlinks off" was used, only the last portion of the
DefaultRoot path would be checked to see if it was a symlink. Now,
each component of the DefaultRoot path will be checked to see if it is
a symlink when "AllowChrootSymlinks off" is used.
* Include
The Include directive can now be used within a <Limit> section, e.g.:
<Limit LOGIN>
Include /path/to/allowed.txt
DenyAll
</Limit>
-API Changes
* A new JSON API has been added, for use by third-party modules.
- remove obsolete proftpd_include-in-limit-section.patch
- rebase patches
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Tue Jul 10 11:57:58 UTC 2018 - chris@computersalat.de
- update to 1.3.5e
* Fixed SFTP issue with umac-64@openssh.com digest/MAC.
* Fixed regression with mod_sftp rekeying.
* Backported fix for "AllowChrootSymlinks off" checking each component
for symlinks (CVE-2017-7418).
- remove obsolete patch
* proftpd-AllowChrootSymlinks.patch (now included)
- rebase patches
* proftpd-dist.patch
* proftpd-no_BuildDate.patch
* proftpd_include-in-limit-section.patch
-------------------------------------------------------------------
Fri Jul 21 04:43:44 UTC 2017 - bwiedemann@suse.com
- Sort SHARED_MODS list to fix build compare (boo#1041090)
-------------------------------------------------------------------
Fri Jun 16 08:28:42 UTC 2017 - nmoudra@suse.com
- Removed xinetd service
-------------------------------------------------------------------
Fri Apr 7 20:49:37 UTC 2017 - chris@computersalat.de
- fix for boo#1032443 (CVE-2017-7418)
* AllowChrootSymlinks not enforced by replacing a path component
with a symbolic link
* add upstream commit (ecff21e0d0e84f35c299ef91d7fda088e516d4ed)
as proftpd-AllowChrootSymlinks.patch
- fix proftpd-tls.template
* reduce TLS protocols to TLSv1.1 and TLSv1.2
* disable TLSCACertificateFile
* add TLSCertificateChainFile
-------------------------------------------------------------------
Thu Mar 23 15:05:22 UTC 2017 - jengelh@inai.de
- Remove --with-pic, there are no static libs.
- Replace %__-type macro indirections.
- Replace old $RPM shell vars by macros.
-------------------------------------------------------------------
Mon Mar 6 22:32:07 UTC 2017 - chris@computersalat.de
- fix and update proftpd-basic.conf.patch
- add some sample config and templates for tls
* proftpd-tls.template
* proftpd-limit.conf
* proftpd-ssl.README
-------------------------------------------------------------------
Sun Feb 5 20:03:18 UTC 2017 - chris@computersalat.de
- backport upstream feature
* include-in-limit-section (gh#410)
* add proftpd_include-in-limit-section.patch
-------------------------------------------------------------------
Tue Jan 17 19:53:55 UTC 2017 - chris@computersalat.de
- update to 1.3.5d
* gh#4283 - All FTP logins treated as anonymous logins again. This is a
regression of gh#3307.
-------------------------------------------------------------------
Sun Jan 15 21:01:43 UTC 2017 - chris@computersalat.de
- update to 1.3.5c
* SSH rekey during authentication can cause issues with clients.
* Recursive SCP uploads of multiple directories not handled properly.
* LIST returns different results for file, depending on path syntax.
* "AuthAliasOnly on" in server config breaks anonymous logins.
* CapabilitiesEngine directive not honored for <IfUser>/<IfGroup>
sections.
* Support OpenSSL 1.1.x API.
* Memory leak when mod_facl is used.
-rebase proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Sat Aug 27 22:42:48 UTC 2016 - chris@computersalat.de
- fix systemd vs SysVinit
-------------------------------------------------------------------
Sun May 8 22:05:07 UTC 2016 - jengelh@inai.de
- Remove redundant spec sections
- Ensure systemd-tmpfiles is called for the provied config file
-------------------------------------------------------------------
Sun May 8 19:25:45 UTC 2016 - chris@computersalat.de
- fix for boo#970890 (CVE-2016-3125)
- update to 1.3.5b:
http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b
* SSH RSA hostkeys smaller than 2048 bits now work properly.
* MLSD response lines are now properly CRLF terminated.
* Fixed selection of DH groups from TLSDHParamFile.
- rebase proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Sun May 31 18:54:45 UTC 2015 - chris@computersalat.de
- fix for boo#927290 (CVE-2015-3306)
- update to 1.3.5a:
See http://www.proftpd.org/docs/NEWS-1.3.5a
- rebase patches
* proftpd-ftpasswd.patch
* proftpd-no_BuildDate.patch
- remove gpg-offline dependency
- fix permissions on passwd file
* unable to use world-readable AuthUserFile '.../passwd' (perms 0644):
* 0644 -> 0440
-------------------------------------------------------------------
Mon Sep 1 22:04:02 UTC 2014 - andreas.stieger@gmx.de
- ProFTPD 1.3.5
* Added support for SHA-256, SHA-512 password hashes to the ftpasswd tool
* New Modules
mod_geoip, mod_log_forensic, mod_rlimit, mod_snmp, mod_dnsbl
* mod_sftp now supports ECC, ECDSA, ECDH
* Improved FIPS support in mod_sftp.
* mod_sftp module now honors the MaxStoreFileSize directive.
* Many new and changed configuration directives
- update proftpd-no_BuildDate.patch
-------------------------------------------------------------------
Mon Sep 1 19:00:57 UTC 2014 - andreas.stieger@gmx.de
- proftpd 1.3.4e:
Multiple other backported fix from the 1.3.5 branch.
See http://www.proftpd.org/docs/NEWS-1.3.4e
- The fix for the mod_sftp/mod_sftp_pam memory allocation
(CVE-2013-4359) contained in this release was previously patched
into the package.
- adjust proftpd-no_BuildDate.patch for context changes
- remove proftpd-sftp-kbdint-max-responses-bug3973.patch, upstream
-------------------------------------------------------------------
Tue Mar 25 19:56:04 UTC 2014 - crrodriguez@opensuse.org
- Remove tcpd-devel from buildRequires and mod_wrap.
support for tcp_wrappers style /etc/hosts.* is provided
by mod_wrap2_file instead, the latter does not require tcpd.
-------------------------------------------------------------------
Mon Mar 17 18:38:53 UTC 2014 - chris@computersalat.de
- fix for bnc#844183
* proftpd fails to start due to missing /run/proftpd
- add own tmpfiles.d file
* proftpd.tmpfile
-------------------------------------------------------------------
Thu Oct 3 20:48:44 UTC 2013 - chris@computersalat.de
- update to 1.3.4d
* Fixed broken build when using --disable-ipv6 configure option
* Fixed mod_sql "SQLAuthType Backend" MySQL issues
- fix for bnc#843444 (CVE-2013-4359)
* http://bugs.proftpd.org/show_bug.cgi?id=3973
* add proftpd-sftp-kbdint-max-responses-bug3973.patch
-------------------------------------------------------------------
Mon Jul 29 01:12:53 UTC 2013 - crrodriguez@opensuse.org
- Improve systemd service file
- use upstream tmpfiles.d file. related to [bnc#811793]
- Use /run instead of /var/run
-------------------------------------------------------------------
Wed May 1 20:35:19 UTC 2013 - chris@computersalat.de
- update to 1.3.4c
* Added Spanish translation.
* Fixed several mod_sftp issues, including SFTPPassPhraseProvider,
handling of symlinks for REALPATH requests, and response code logging.
* Fixed symlink race for creating directories when UserOwner is in effect.
* Increased performance of FTP directory listings.
- rebase and rename patches (remove version string)
* proftpd-1.3.4a-dist.patch -> proftpd-dist.patch
* proftpd-1.3.4a-ftpasswd.patch -> proftpd-ftpasswd.patch
* proftpd-1.3.4a-strip.patch -> proftpd-strip.patch
-------------------------------------------------------------------
Fri Feb 8 00:19:19 UTC 2013 - chris@computersalat.de
- fix proftpd.conf (rebase basic.conf patch)
* IdentLookups is now a seperate module
<IfModule mod_ident.c> IdentLookups on/off </IfModule>
is needed and module is not built cause crrodriguez disabled it.
-------------------------------------------------------------------
Thu Nov 29 19:03:00 CET 2012 - sbrabec@suse.cz
- Verify GPG signature.
-------------------------------------------------------------------
Fri Nov 2 15:15:25 UTC 2012 - chris@computersalat.de
- fix for bnc#787884
(https://bugzilla.novell.com/show_bug.cgi?id=787884)
* added extra Source proftpd.conf.tmpfile
-------------------------------------------------------------------
Thu Aug 30 17:33:30 UTC 2012 - crrodriguez@opensuse.org
- Disable ident lookups, this protocol is totally obsolete
and dangerous. (add --disable-ident)
- Fix debug info generation ( add --disable-strip)
-------------------------------------------------------------------
Wed Aug 29 21:51:49 UTC 2012 - crrodriguez@opensuse.org
- Add systemd unit
-------------------------------------------------------------------
Tue Aug 14 11:11:28 UTC 2012 - chris@computersalat.de
- update to 1.3.4b
+ Fixed mod_ldap segfault on login when LDAPUsers with no filters used.
+ Fixed sporadic SFTP upload issues for large files.
+ Fixed SSH2 handling for some clients (e.g. OpenVMS).
+ New FactsOptions directive; see doc/modules/mod_facts.html#FactsOptions
+ Fixed build errors on Tru64, AIX, Cygwin.
- add Source Signatuire (.asc) file
- add noBuildDate patch
- add lang pkg
* --enable-nls
- add configure option
* --enable-openssl, --with-lastlog
-------------------------------------------------------------------
Mon Dec 12 15:00:18 UTC 2011 - chris@computersalat.de
- update to 1.3.4a
+ Fixed mod_load/mod_wrap2 build issues.
- 1.3.4
+ New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation
for details.
+ Improved configure script for cross-compiling.
+ Reworked the proftpd.spec RPM file
+ Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD.
+ New "IgnoreSFTPSetTimes" SFTPOption added; see the SFTPOptions
documentation for details.
+ Fixed response pool use-after-free issue.
- for more info please see the RELEASE_NOTES file
- reworked patches
* now p0 patches
-------------------------------------------------------------------
Fri Nov 18 14:56:41 UTC 2011 - chris@computersalat.de
- fix for bnc#731347
* no (hostname -s) in post section
* reworked basic conf patch
-------------------------------------------------------------------
Fri Nov 11 13:13:57 UTC 2011 - chris@computersalat.de
- fix changelog
* RELEASE_NOTES-1.3.3g is lacking of important info
- fix for CVE-2011-4130 (bnc#729830)
* https://bugzilla.novell.com/show_bug.cgi?id=729830
(upstream) http://bugs.proftpd.org/show_bug.cgi?id=3711
=> fixed with version 1.3.3g
-------------------------------------------------------------------
Thu Nov 10 09:39:36 UTC 2011 - chris@computersalat.de
- update to 1.3.3g
(http://www.proftpd.org/docs/RELEASE_NOTES-1.3.3g)
+ New "NoEmptyFragments" TLSOption added; see the TLSOptions documentation
for details.
+ Fixed mod_sql_mysql "Alarm clock" bug on FreeBSD.
(http://www.proftpd.org/docs/NEWS-1.3.3g)
- Bug 3702 - ProFTPD with mod_sql_mysql dies of "Alarm clock" on FreeBSD.
- Bug 3704 - Enable OpenSSL countermeasure against SSLv3/TLSv1 BEAST attacks.
To disable this countermeasure, which may cause interoperability issues
with some clients, use the NoEmptyFragments TLSOption.
- Bug 3711 - Response pool use-after-free memory corruption error.
-------------------------------------------------------------------
Tue Oct 4 22:03:10 UTC 2011 - chris@computersalat.de
- update to 1.3.3f
+ Fixes segfault if mod_sql_mysql and "SQLAuthenticate groupsetfast"
configuration used.
+ Fixes mod_wrap syslog level (regression from Bug#3317).
+ Fixes mod_ifsession segfault if regular expression patterns used in
a <VirtualHost> section.
-------------------------------------------------------------------
Fri Apr 29 11:18:55 UTC 2011 - chris@computersalat.de
- push to Factory
o fix changelog (not in sequence)
o fix license (GPL -> GPLv2+)
o remove Author from description
o remove obsolete extra source proftpd.conf
-------------------------------------------------------------------
Fri Apr 8 22:08:55 UTC 2011 - chris@computersalat.de
- update to 1.3.3e
+ Display messages work properly again.
+ Fixes plaintext command injection vulnerability in FTPS implementation
(i.e. mod_tls). See http://bugs.proftpd.org/show_bug.cgi?id=3624 for
details.
+ Fixes CVE-2011-1137 (badly formed SSH messages cause DoS). See
http://bugs.proftpd.org/show_bug.cgi?id=3586 for details.
+ Performance improvements, especially during server startup/restarts.
-------------------------------------------------------------------
Sun Jan 30 20:40:10 UTC 2011 - chris@computersalat.de
- update to 1.3.3d
+ Fixed sql_prepare_where() buffer overflow (Bug#3536)
+ Fixed CPU spike when handling .ftpaccess files.
+ Fixed handling of SFTP uploads when compression is used.
-------------------------------------------------------------------
Fri Oct 22 23:26:10 UTC 2010 - mseben@gmail.com
- update to 1.3.3c
+ Fixed Telnet IAC stack overflow vulnerability (ZDI-CAN-925)
+ Fixed directory traversal bug in mod_site_misc
+ Fixed SQLite authentications using "SQLAuthType Backend"
-------------------------------------------------------------------
Fri Oct 22 17:49:06 UTC 2010 - chris@computersalat.de
- clenaup spec
- fix doc pkg
o should not provide pkgconfig
-------------------------------------------------------------------
Fri Oct 15 14:13:43 UTC 2010 - chris@computersalat.de
- update to 1.3.3b
+ Fixed SFTP directory listing bug
+ Avoid corrupting utmpx databases on FreeBSD
+ Avoid null pointer dereferences during data transfers
+ Fixed "AuthAliasOnly on" anonymous logins
- rpmlint: no-pkg-config-provides
o add BuildReq pkg-config
- removed changes from spec
-------------------------------------------------------------------
Wed Jul 7 14:17:45 UTC 2010 - chris@computersalat.de
- update to 1.3.3a
+ Added Japanese translation
+ Many mod_sftp bugfixes
+ Fixed SSL_shutdown() errors caused by OpenSSL 0.9.8m and later
+ Fixed handling of utmp/utmpx format changes on FreeBSD
- rpmlint: self-obsoletion
-------------------------------------------------------------------
Wed May 5 14:01:02 UTC 2010 - mseben@novell.com
- fix build : dir-or-file-in-var-run badness : /var/run/proftpd dir
is marked as ghost and it is created in init script now
-------------------------------------------------------------------
Fri Apr 9 15:44:32 UTC 2010 - mseben@novell.com
- added ncurses-devel to buildrequires to fix ftptop message : "no
curses or ncurses library on this system"
-------------------------------------------------------------------
Fri Feb 26 16:01:47 UTC 2010 - chris@computersalat.de
- added info for "STABLE" versions only
-------------------------------------------------------------------
Thu Feb 25 00:14:20 UTC 2010 - chris@computersalat.de
- update to 1.3.3
o Fixed mod_ban whitelisting using mod_ifsession.
o Fixed per-user/group/class "HideFiles none" configurations.
- 1.3.3rc4
o Fixed mod_tls compilation using OpenSSL installations older
than 0.9.7.
o Fixed mod_sftp compilation on AIX.
o Fixed RADIUS authentication on 64-bit platforms
o Fixed memory leak in SCP downloads.
o New configuration directives
SQLPasswordUserSalt
The SQLPasswordUserSalt directive can be used to configure
per-user salt data to be added to the encrypted password
for a user. The salt can be the user name, or it can be
the result of a SQL query. More information can be found in
doc/contrib/mod_sql_passwd.html#SQLPasswordUserSalt.
-------------------------------------------------------------------
Wed Feb 10 16:10:32 CET 2010 - diego.ercolani@gmail.com
- update to 1.3.3rc3
- try to be compatible with osc :-)
-------------------------------------------------------------------
Sun Dec 20 19:39:10 UTC 2009 - chris@computersalat.de
- update to 1.3.2c
o Bug and regression fixes.
- removed obsolete CVE patch
-------------------------------------------------------------------
Mon Oct 26 12:35:29 UTC 2009 - mseben@novell.com
- fixed CVE-2009-3639 : mod_tls security issue (bnc#549740)
-------------------------------------------------------------------
Wed Sep 16 18:17:04 UTC 2009 - alexandre@exatati.com.br
- Update tarball to its upstream version without
bzipped patch;
- Removed blank spaces at enf of lines on spec file;
- Replaced tab characters on spec file.
-------------------------------------------------------------------
Wed Sep 16 11:20:20 UTC 2009 - chris@computersalat.de
- update to 1.3.2 (1.3.2a)
o many bugfixes, read ChangeLog or NEWS
o include 1.3.2a upstream patch
o removed old patches
* proftpd-1.3.1-umode_t.patch
* proftpd-1.3.1-O_CREAT.patch
* proftpd-1.3.1-libcap.patch
* proftpd-1.3.1-CVE-2009-0542.patch
* proftpd-1.3.1-CVE-2009-0543.patch
o reworked basic.conf.patch
- spec mods
o removed ^#-----
o removed {rel}
o clean
* rm -rf RPM_BUILD_ROOT
o added sub sqlite
- fixed deps
o BuildRequires: sqlite3-devel unixODBC-devel
- rpmlint
o description-shorter-than-summary
o source-or-patch-not-bzipped proftpd-1.3.2a.patch
-------------------------------------------------------------------
Tue Jul 7 22:21:50 CEST 2009 - chris@computersalat.de
- added proftpd.passwd
o it is an initial passwd for virtuser and
anonymous login works well with it :)
-------------------------------------------------------------------
Mon Jul 6 22:16:46 CEST 2009 - chris@computersalat.de
- added ftpasswd.patch
- rework of basic.conf patch
- removed README.AIX
-------------------------------------------------------------------
Thu Apr 16 01:54:23 CEST 2009 - chris@computersalat.de
- added basic.conf patch
- added dist.patch
o fix for xinetd, logrotate, pam
- some more subpackages
o ldap, mysql, pgsql, radius
- added ftpasswd for simple virtuser support
- added auth DIR /etc/proftpd/auth
o passwd for virtuser
- added conf.d DIR /etc/proftpd/conf.d
o configs for inclusion
- added log DIR /var/log/proftpd
- beautify init file
- beautify spec file
-------------------------------------------------------------------
Wed Feb 18 10:40:55 CET 2009 - mseben@suse.cz
- added proftpd.conf with uploads section
-------------------------------------------------------------------
Fri Feb 13 16:55:01 CET 2009 - mseben@suse.cz
- fixed sql injection vulnerability which allows remote attackers
to execute arbitrary SQL commands via a "%" character
CVE-2009-0542.patch (bnc#475316)
- fixed vulnerability which allows remote attackers to bypass SQL
injection protection mechanisms via invalid, encoded multibyte
characters CVE-2009-0543.patch (bnc#475316)
-------------------------------------------------------------------
Mon Jan 26 14:19:45 CET 2009 - mseben@suse.cz
- splitted HTML doc to proftpd-doc
- added %post and %postun macro to spec
-------------------------------------------------------------------
Thu Jan 22 13:58:33 CET 2009 - mseben@suse.cz
- fixed missing third argument in open function (*-O_CREAT.patch)
- disabled striping libraries (*-no_strip.patch)
- fixed configure script (*-umode_t.patch)
- added -DLDAP_DEPRECATED to CFLAGS because of deprecated ldap_init
function
- disabled contrib scripts for now
- fixed handling _LINUX_CAPABILITY_VERSION on newer linux kernel.
(proftpd-*-libcap.patch)
-------------------------------------------------------------------
Wed Aug 20 12:43:56 CEST 2008 - mrueckert@suse.de
- disabled debugging stuff for now
-------------------------------------------------------------------
Fri Oct 19 11:58:42 CEST 2007 - mrueckert@suse.de
- enabled missing modules (mod_ban,mod_wrap2*,mod_quota_radius)
and replaced the hardcoded value for --with-shared with a
dynamically generated list
-------------------------------------------------------------------
Sat Oct 6 03:42:39 CEST 2007 - mrueckert@suse.de
- update to 1.3.1:
Many bugfixes and new features like dynamic blacklisting of
clients, improved SQL handling, and quotas.
- added --enable-devel=coredump,nodaemon,nofork
- added devel subpackage for the headers
-------------------------------------------------------------------
Wed Nov 29 04:11:44 CET 2006 - mrueckert@suse.de
- update to 1.3.0a:
fixes a remote code execution. CVE-2006-5815
(http://bugs.proftpd.org/show_bug.cgi?id=2858)
